package com.howie.parnote.util.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class CSRFHeaderTokenValid {
	protected boolean isValidCsrfHeaderToken(HttpServletRequest request, HttpSession session) {
		if (request.getHeader(
				"__RequestVerificationToken") == null
				|| session.getAttribute(
				CSRFTokenManager.CSRF_TOKEN_FOR_SESSION_ATTR_NAME) == null
				|| !request.getHeader(
				"__RequestVerificationToken").equals(session.getAttribute(
				CSRFTokenManager.CSRF_TOKEN_FOR_SESSION_ATTR_NAME).toString())) {
			return false;
		}
		return true;
	}
}

